VMware

Attackers exploit VMware ESXi RCE vulnerability to deliver ESXiArgs ransomware

French authorities and security researchers warn attackers have been exploiting two-year old VMware ESXi remote code execution (RCE) vulnerability (CVE-2021-21974) to deliver ESXiArgs ransomware.

Attackers exploit VMware ESXi RCE vulnerability to deliver ESXiArgs ransomware Read More »

VMware Cloud Foundation update fixes Critical RCE vulnerability (CVE-2021-39144) with published exploit code

VMware has released a security update for VMware Cloud Foundation that fixes a Critical RCE vulnerability via XStream (CVE-2021-39144) and warns exploit code has been published against VCF (NSX-V).

VMware Cloud Foundation update fixes Critical RCE vulnerability (CVE-2021-39144) with published exploit code Read More »

Palo Alto Networks: Network Security Trends report highlights common RCE vulnerability exploits against web apps

Palo Alto Networks Unit 42 researchers released a new report “Network Security Trends” that highlights how attackers are exploiting remote code execution (RCE), cross-site scripting (XSS), traversal and information disclosure vulnerabilities in multiple vendor products.

Palo Alto Networks: Network Security Trends report highlights common RCE vulnerability exploits against web apps Read More »

CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Chrome zero-day)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The issues include recently patched Chrome zero-day CVE-2022-1364.

CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Chrome zero-day) Read More »

hacking, security, cyber-4038037.jpg

Cisco issues Critical security updates for Spring Framework vulnerability

Cisco has issued an updated Critical security advisory for a Spring Framework vulnerability CVE-2022-22965 that affects multiple Cisco products. The networking giant also released a security update for a Critical LAN wireless controller vulnerability.

Cisco issues Critical security updates for Spring Framework vulnerability Read More »

security, alarm, monitor-5043368.jpg

CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical VMware Workspace ONE Access and Identity Manager vulnerability to its Known Exploited Vulnerabilities Catalog. VMware also confirmed known exploits in the wild have been detected for CVE-2022-22954.

CISA adds Critical VMware Workspace ONE Access and Identity Manager vulnerability to Catalog of exploited vulnerabilities Read More »

VMware releases Critical security updates (updated with known exploits for CVE-2022-22954)

VMware has released Critical updates for VMware Workspace ONE Access, Identity Manager and vRealize that address multiple vulnerabilities. VMware also updated the advisory to confirm there is known exploits in the wild for one of those vulnerabilities CVE-2022-22954.

VMware releases Critical security updates (updated with known exploits for CVE-2022-22954) Read More »